FedRAMP and FIPS 140-2/140-3 Encryption Validation

Achieving FedRAMP authorization requires a hardened approach to cryptographic validation beyond shallow ciphers. For CSPs, simply saying that you use AES-256 or support TLS without verified, validated cryptographic modules introduces fatal flaws into authorization efforts.  To succeed, CSPs must build systems that assume validation is an operational need and not something they do after the… Read More

CAVP, FIPS, and Securing Cryptography Systems

Most security standards, including government standards, require cryptography. We are generally familiar with implementing a cryptographic algorithm that meets these requirements and calling it a day. However, to ensure security, NIST also publishes standards for validating encryption modules to ensure they serve their purpose under federal standards.  Here, we’re discussing the Cryptographic Algorithm Validation Program… Read More

What Are Federal Information Processing Standards (FIPS)?

Federal Information Processing Standards (FIPS) are essential for federal agencies and contractors to ensure the security of sensitive information, such as classified data, personally identifiable information, and financial data.  This article will describe some of the most common FIPS security standards, their importance, and how federal agencies and contractors use them. We will also discuss… Read More

FedRAMP and FIPS-Defined Impact Levels

One of the foundational pieces of information that a cloud provider needs to know when preparing for their FedRAMP Authorization is the required Impact Level. These levels aren’t generic labels applied by agencies to highlight the importance of their data–they are clearly-defined categories laid out by the National Institute of Standards and Technology (NIST) to… Read More